CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-25740	D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the PSK parameter in the SetQuickVPNSettings... Description: D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the PSK parameter in the SetQuickVPNSettings module. EPSS Score: 0.04% Source: CVE February 15th, 2025 (5 months ago)
CVE-2025-1298	Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of account takeover. Description: Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of account takeover. EPSS Score: 0.04% Source: CVE February 15th, 2025 (5 months ago)
CVE-2024-57790	IXON B.V. IXrouter IX2400 (Industrial Edge Gateway) v3.0 was discovered to contain hardcoded root credentials stored in the non-volatile flash... Description: IXON B.V. IXrouter IX2400 (Industrial Edge Gateway) v3.0 was discovered to contain hardcoded root credentials stored in the non-volatile flash memory. This vulnerability allows physically proximate attackers to gain root access via UART or SSH. EPSS Score: 0.04% Source: CVE February 15th, 2025 (5 months ago)
CVE-2024-56973	Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code... Description: Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component. EPSS Score: 0.04% Source: CVE February 15th, 2025 (5 months ago)
CVE-2024-31144	Xapi: Metadata injection attack against backup/restore functionality Description: For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.html#object-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories (SRs). The metadata itself is stored in a Virtual Disk Image (VDI) inside an SR. This is used for two purposes; a general backup of metadata (e.g. to recover from a host failure if the filer is still good), and Portable SRs (e.g. using an external hard drive to move VMs to another host). Metadata is only restored as an explicit administrator action, but occurs in cases where the host has no information about the SR, and must locate the metadata VDI in order to retrieve the metadata. The metadata VDI is located by searching (in UUID alphanumeric order) each VDI, mounting it, and seeing if there is a suitable metadata file present. The first matching VDI is deemed to be the metadata VDI, and is restored from. In the general case, the content of VDIs are controlled by the VM owner, and should not be trusted by the host administrator. A malicious guest can manipulate its disk to appear to be a metadata backup. A guest cannot choose the UUIDs of its VDIs, but a guest with one disk has a 50% chance of sorting ahead of the legitimate metadata backup. A guest with two disks has a 75% chance, etc. EPSS Score: 0.04% Source: CVE February 15th, 2025 (5 months ago)
	If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish Source: TheRegister February 15th, 2025 (5 months ago)
	SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN Source: TheRegister February 14th, 2025 (5 months ago)
CVE-2024-57601	[alextselegidis/easyappointments] Remote code execution in alextselegidis/easyappointments Description: Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbitrary code via the legal_settings parameter. References https://nvd.nist.gov/vuln/detail/CVE-2024-57601 https://hkohi.ca/vulnerability/13 https://github.com/advisories/GHSA-3wf7-83q3-948c EPSS Score: 0.04% Source: Github Advisory Database (Composer) February 14th, 2025 (5 months ago)
	Researcher Captures Contents of ‘DEI.gov’ Before It Was Hidden Behind a Password Description: The list includes budget claims like "$3.4 million for Malaysian drug-fueled gay sex app" and "Disbursed $15,000 to 'queer' Muslim writers in India." Source: 404 Media February 14th, 2025 (5 months ago)
	[keylime] Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0 Description: Impact The Keylime registrar implemented more strict type checking on version 7.12.0. As a result, when updated to version 7.12.0, the registrar will not accept the format of the data previously stored in the database by versions >= 7.8.0, raising an exception. This makes the Keylime registrar vulnerable to a Denial-of-Service attack in an update scenario, as an attacker could populate the registrar database by creating multiple valid agent registrations with different UUIDs while the version is still < 7.12.0. Then, when the Keylime registrar is updated to the 7.12.0 version, any query to the database matching any of the entries populated by the attacker will result in failure. Patches Users should upgrade to versions >= 7.12.1 Workarounds Remove the registrar database and re-register all agents Credit Reported by: Anderson Toshiyuki Sasaki/@ansasaki Patched by: Anderson Toshiyuki Sasaki/@ansasaki References https://github.com/keylime/keylime/security/advisories/GHSA-9jxq-5x44-gx23 https://github.com/keylime/keylime/commit/e08b10d86c3717006774e787542c190e2ba24fc7 https://github.com/advisories/GHSA-9jxq-5x44-gx23 Source: Github Advisory Database (PIP) February 14th, 2025 (5 months ago)